SHA256: 2c1778c02f10ee905455d4b5fc24ac16a43df0e39c038070820ebb8f483b1add
File name: wimappx.exe
Detection ratio: 41 / 68
Analysis date: 2018-08-08 21:45:53 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31156405 20180808
AhnLab-V3 Trojan/Win32.Emotet.R233885 20180808
ALYac Trojan.Autoruns.GenericKDS.31156405 20180808
Arcabit Trojan.Autoruns.GenericS.D1DB68B5 20180808
Avast Win32:Malware-gen 20180808
AVG Win32:Malware-gen 20180808
BitDefender Trojan.Autoruns.GenericKDS.31156405 20180808
Bkav HW32.Packed.4AF6 20180807
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180808
Cyren W32/Emotet.EQ.gen!Eldorado 20180808
DrWeb Trojan.EmotetENT.257 20180808
Emsisoft Trojan.Autoruns.GenericKDS.31156405 (B) 20180808
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJPT 20180808
F-Prot W32/Emotet.EQ.gen!Eldorado 20180808
F-Secure Trojan.Autoruns.GenericKDS.31156405 20180808
Fortinet W32/EMOTET.SMAL8A!tr 20180808
GData Trojan.Autoruns.GenericKDS.31156405 20180808
Ikarus Trojan.Win32.Krypt 20180808
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20180808
K7GW Riskware ( 0040eff71 ) 20180808
Kaspersky Trojan-Banker.Win32.Emotet.baim 20180808
Malwarebytes Spyware.Emotet 20180808
MAX malware (ai score=100) 20180808
McAfee Emotet-FHY!73E42CF82C7D 20180808
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180808
Microsoft Trojan:Win32/Emotet.AC!bit 20180808
eScan Trojan.Autoruns.GenericKDS.31156405 20180808
Palo Alto Networks (Known Signatures) generic.ml 20180808
Panda Trj/CI.A 20180808
Qihoo-360 HEUR/QVM20.1.02F1.Malware.Gen 20180808
Rising Trojan.Emotet!8.B95 (CLOUD) 20180808
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180808
Symantec Packed.Generic.517 20180808
TrendMicro TSPY_EMOTET.SMAL8A 20180808
TrendMicro-HouseCall TSPY_EMOTET.SMAL8A 20180808
Webroot W32.Trojan.Emotet 20180808
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.baim 20180808
AegisLab 20180808
Alibaba 20180713
Antiy-AVL 20180808
Avast-Mobile 20180808
Avira (no cloud) 20180808
AVware 20180727
Babable 20180725
Baidu 20180808
CAT-QuickHeal 20180807
ClamAV 20180808
CMC 20180808
Comodo 20180808
Cybereason 20180225
eGambit 20180808
Jiangmin 20180808
Kingsoft 20180808
NANO-Antivirus 20180808
SUPERAntiSpyware 20180808
Symantec Mobile Insight 20180801
TACHYON 20180808
Tencent 20180808
TheHacker 20180807
TotalDefense 20180808
Trustlook 20180808
VBA32 20180808
VIPRE 20180808
ViRobot 20180808
Yandex 20180808
Zillya 20180808
Zoner 20180808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name GettingStarted.exe
Internal name Getting Started
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Getting Started
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-07 08:15:58
Entry Point 0x000019C7
Number of sections 5
PE sections
PE imports
QueryUsersOnEncryptedFile
MulDiv
GetProcessHeap
SetFormA
GetJobW
Ord(30)
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Getting Started
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 27648
EntryPoint 0x19c7
OriginalFileName GettingStarted.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:08:07 09:15:58+01:00
FileType Win32 EXE
PEType PE32
InternalName Getting Started
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 103424
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 73e42cf82c7d721ff4f886ca3d917598
SHA1 d0f05e6b388ab6fd4b78a6dd3c861cdd986a43f6
SHA256 2c1778c02f10ee905455d4b5fc24ac16a43df0e39c038070820ebb8f483b1add
ssdeep
1536:rV4Vkk33v+VHgRrCenwpqY+yGbls3AJlk3VMzucK0DPLlOV8TsbVTEIBoW0He:xoKgrsFGbhdHDPwV8TmEsP0+

authentihash a50aeba1ae583a1ed02a18383384f7951d04e90d0084f676ac5083b58f7c1548
imphash dce1bef1bff727c4db12196f1c90c0a4
File size 123.5 KB ( 126464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe

VirusTotal metadata
First submission 2018-08-07 08:58:46 UTC ( 6 months, 2 weeks ago )
Last submission 2018-08-07 08:58:46 UTC ( 6 months, 2 weeks ago )
File names Getting Started
GettingStarted.exe
wimappx.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs